Idea shared by John Marx - 12/12/2018 at 6:51 AM
Under Consideration
I have seen a huge rise in the number of bad login attempts since logging into v17. It could be because my account is one that is being locked out (most likely the reason I am noticing).

I have gone into the logs in troubleshooting, view logs, type of Administrative, Display all related traffic, and filtering on the keyword "block". This is giving me the IP Address to see if it is outside the United States as we have no clients logging in on the United States. Then I am adding these to the Security, Blacklist with the full IP range of the attack.

My question is:

  1. Is this the best way?

If the above is true I also want to request the following features or a link to give us the stats on the IP address, the complete range, etc. I am using to determine the country and IP range to block.

  1. Is it possible for a domain admin to unblock a user (I know if it is the domain user that we would have to do it for them)?
  2. Is it possible to just block a country from login overall (e.g. only allow the United States)?
  3. Is it possible to email the administrator of the domain (or even the overall administrator -- myself) that a user is blocked (a daily report would suffice) with the user, IP address(es), etc.

To answer your question, yes it is possible and anything is possible.....
cPanel provides geoip blocking and we use it on our hosted servers.

Your question should be, will ST consider including it.
IMO, it should be available - security first, convenience second 
It would be possible to block by country. Version 15 had the feature to disable greylisting based on the country of the connection. Unfortunately this has been removed and it's no longer available in v17 (don't know about va6).

I would love this, and it makes me a sad panda that SmarterMail doesn't have such baked-in. 

Granted, we do have a large number of customers who travel overseas, but there are some regions where blocking wholesale would be far worth the few tech support tickets from customers who are on vacation in Aruba or hiking through the Andes, or on a mission in India, and just want to check their email. Honestly, between the Netherlands, Brazil, Turkey, Poland, Egypt, and Thailand, if we could geo-block just these we'd get rid of 98% of our Brute-Force traffic. We have been manually using the Blacklist in SmarterMail to block an entire subnet after the third IP in an ASN is blocked by SmarterMail's IDS for Brute-Force, but it is tedious, time-consuming, and like swatting flies.

I suppose SmarterTools probably believes that this is a network layer issue rather than something to be solved at the application layer and that if a SmarterMail Admin were really serious about geo-ip blocking they'd just use Firewall Rules to block this traffic instead... and for the most part they aren't entirely wrong for thinking that. However, with the rising predominance of cloud services, having the luxury of doing such things at the network layer is becoming increasingly rare, and there should be a way to do this at the application layer within SmarterMail itself.
Matt Petty Replied
Employee Post
I like this idea, +1 from me. We'll see what happens. If you want I can turn this into a feature request for tracking.
That would be great to change it. Thanks.
+1 here too. 
This would be the most awesome feature ever :) and why I wish SM had some awesome hook points to do stuff like this for those of us with programming skills. We did something similar to identify what country a sending mail server is from to allow some of our customers to block email coming from specific countries.


+1 here too
Adding a bump to this request as I think it's something that would benefit all mail administrators.
Kyle Kerst Replied
Employee Post
Jade, in the meantime, you can add a whitelist entry covering the CIDR range for the country you want to allow in, then add blacklist entries for CIDR ranges covering the countries you want to block. SmarterMail will check the whitelist before checking the blacklist, so you should still be able to receive incoming email from desired countries while blocking access from the others. I know this isn't an ideal solution and can be pretty tedious, but should help clear up those brute-force attempts you're seeing originating in Russia. 
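
A sketch of the manual workflow described in this thread (blacklist a whole range once several of its addresses have been blocked, with whitelist entries checked before blacklist entries), added here as an example; it is not SmarterMail code and not code from any poster. It assumes the blocked addresses have already been pulled out of the log and uses a fixed /24 as a stand-in for a real ASN range; all function names and sample addresses are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation/benchmark ranges), not real log output.
BLOCKED = ["203.0.113.5", "203.0.113.77", "203.0.113.200",   # 3 hits in one /24
           "198.18.0.9", "198.18.0.10", "198.18.0.11",       # adjacent /24s ...
           "198.18.1.20", "198.18.1.21", "198.18.1.22",      # ... merge into a /23
           "198.51.100.4", "198.51.100.4", "198.51.100.8",   # only 2 distinct IPs
           "192.0.2.1", "192.0.2.2", "192.0.2.3"]            # inside a whitelisted range
WHITELIST = ["192.0.2.0/24"]

def candidate_blocks(blocked_ips, whitelist, threshold=3, prefix=24):
    """Return collapsed CIDR ranges holding >= threshold distinct blocked IPs.

    The fixed prefix is an assumption; a real ASN range needs external data.
    """
    allow = [ipaddress.ip_network(w) for w in whitelist]
    hits = defaultdict(set)
    for raw in blocked_ips:
        ip = ipaddress.ip_address(raw.strip())
        if ip.version != 4:
            continue  # this sketch handles IPv4 only
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        hits[net].add(ip)  # a set, so repeated attempts from one IP count once
    picked = [net for net, ips in hits.items()
              if len(ips) >= threshold
              and not any(net.overlaps(a) for a in allow)]  # never propose a whitelisted range
    # collapse_addresses merges adjacent ranges, keeping the blacklist short
    return [str(n) for n in ipaddress.collapse_addresses(picked)]

def decide(ip, whitelist, blacklist):
    """Evaluate one address with the whitelist checked before the blacklist."""
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(w) for w in whitelist):
        return "allow"
    if any(addr in ipaddress.ip_network(b) for b in blacklist):
        return "block"
    return "default"

if __name__ == "__main__":
    for cidr in candidate_blocks(BLOCKED, WHITELIST):
        print("blacklist candidate:", cidr)
```
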
Hey Kyle,

I did similar to what you suggested but ran out of time...
It would take literally a few hours just to block connections from Russia...

Geoip blocking is built to handle this without messing around with ASN'

